Cyber attacks are a growing problem for UK organisations and their employees, which is only expected to increase over time. Phishing campaigns, man-in-the-middle attacks, SIM swapping, account compromises and data breaches are some of the modern-day attack methods that can cause significant damage to businesses – subsequently affecting customers and employees as well.
The rise in these attacks is, in part, due to poor cyber hygiene practices. For example, 100,000 of the most-used passwords – including “123456” – have reportedly been compromised by hackers on a global scale, but are still in use. To understand attitudes surrounding cyber hygiene habits and security practices in the UK, Yubico has released findings from its inaugural State of Global Enterprise Authentication survey.
In the research, UK businesses consistently ranked poorly in taking cybersecurity seriously and educating employees. For example, only 42 percent of UK respondents said they were required to go through frequent cybersecurity training. This lack of training is leading to several poor habits when it comes to cybersecurity.
For example, despite stolen login credentials being a top cybersecurity concern, 47 percent of UK respondents admitted to writing down or sharing their passwords in the last 12 months. They also admitted to additional poor cyber hygiene practices including:
- Allowing someone else to use a work-issued device (33 percent)
- Using a personal device for work (58 percent)
- Having an account reset due to lost and/or forgotten credentials (58 percent)
- Using a work-issued device for personal use (49 percent)
Furthermore, 48 percent claim to have been exposed to a cyber attack, such as phishing attempts, at work during the last 12 months however, concerningly, a majority of those exposed do not report them.
Among those who had been exposed to a cyber attack in the last 12 months, respondents were asked which new security technologies or policies, if any, their organisation implemented as a result. Very few companies implemented phishing-resistant cybersecurity methods in response. Instead, almost a third of respondents (28 percent) simply had their username and password reset and nearly a quarter (23 percent) were required to attend mandatory cyber security training.
These issues are widespread but often overlooked, emphasising a need for businesses to improve their cybersecurity and online habits to reduce the risks of a major cyber attack or data breach.
Niall McConachie, regional director (UK & Ireland) at Yubico, comments on the survey’s findings and explains what is needed to improve cyber hygiene and data security practices amongst UK organisations:
“Cyber attacks, and how to prevent them, should be top of mind for every organisation. However, our research reveals a remarkable disparity between the risks of cyber attacks and businesses’ attitudes towards them.
“How seriously someone takes cybersecurity depends, to a large degree, on their employer. Therefore, in addition to requiring frequent and up-to-date security training, UK organisations should consider implementing phishing-resistant solutions such as strong two-factor authentication or multi-factor authentication (2FA/MFA) that offer security and convenience. FIDO2 security keys, for example, have been proven to be the most effective phishing-resistant option for business-wide cybersecurity. By removing the reliance on passwords, MFA and strong 2FA are more user-friendly and can be used for both personal and professional data security. This is especially important as cyber attacks are not limited to companies but can directly target customers and employees too.
“Companies need to be more proactive in changing attitudes surrounding cybersecurity, as employees at all levels can be the biggest strength or weakness in cybersecurity. Regular cyber training paired with robust passwordless security will equip employees to be effective cyber defenders.”
